[VIM] Dup: Gallery 1.2.5 (GALLERY_BASEDIR) Multiple RFI Vulnerabilities

Steven M. Christey coley at linus.mitre.org
Mon Apr 16 21:42:34 UTC 2007

No, looks like a dupe to me, too.  In this case, CVE-2002-1412 was already
claimed to affect versions before 1.3.1, with vendor acknowledgement and
fix.  If this new disclosure had been for a NEWER version than 1.3.1, then
this might have been a regression error and could be argued to get a new
tag (certainly for CVE it would).  But since this newer disclosure is
actually for an OLDER version than what was already reported, CVE assumes
there was no regression (for the sake of sanity).

i.e., they are dupes.

- Steve

On Mon, 16 Apr 2007, George A. Theall wrote:

> The issues covered by Milw0rm 3743 / Bugtraq 23502 are a subset of those
> posted back in 2002 by avart at gmx.de; eg,
>    http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
> and covered by CVE-2002-1412 / Bugtraq 5375. Or am I missing something?
> George
> --
> theall at tenablesecurity.com

More information about the VIM mailing list